OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: anti UCE sugestion and reject debug needed ....
From: Lars Hecking (lheckingnmrc.ie)
Date: Fri Oct 20 2000 - 08:18:10 CDT

Oswaldo E. Aguirre M. writes:
> Hi all, I'd like to get some suggestions for anti UCE rules for
> postfix, taking into account that we are MX for some universities have
> some virtual domains and we have some networks connected without email
> server and needs to send/receive emails.
>
> currently I have this in the main.cf, how "fine" is this? suggestions?
>
> smtpd_sender_restrictions = permit_mynetworks, check_client_access dbm:/etc/postfix/access, reject_invalid_hostname, reject_maps_rbl, permit
>
> smtpd_recipient_restrictions = reject_invalid_hostname, permit_auth_destination, reject_unauth_pipelining, permit_mynetworks,dbm:/etc/postfix/access, reject_unknown_sender_domain, reject_unauth_pipelining, check_recipient_access regexp:/etc/postfix/recipient_checks, permit_mx_backup, check_relay_domains
>
> maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com, relays.mail-abuse.org
 
 See the file RESTRICTION_CLASS in the postfix distribution and the faq at
 www.postfix.org. You can use per-client/helo/sender/recipient restriction
 classes to implement a different set of restrictions for every domain.

 I'd suggest that you impose no restrictions at all on mail for the domains
 you're MXing for unless they specifically request it.

[...]
> and that's why I am also asking to know how can I get information
> on why the emails where rejected, if this can be done with postfix.
 
 Sorry, can't answer that.